Interview Infrastructure as Code (Terraform, Ansible)

How do you run an Ansible playbook in check (dry-run) mode?

Infrastructure as Code (Terraform, Ansible) · Advanced level

Answer

Check mode is Ansible's dry-run mode, invoked with --check. It predicts changes without applying them for modules that support check mode. I combine it with --diff for file changes, but I still treat it as a signal rather than a perfect guarantee for every module.

Technical explanation

Not every module fully supports check mode, so inspect skipped or unsupported tasks.

--diff shows what file changes would be made, which is useful for review.

Use check mode in PR or pre-prod, not as the only production safety gate.

Prefer idempotent modules over shell so repeated runs are safe and change reporting is meaningful.

Separate reusable role logic from inventory-specific variables so the same automation works across environments.

Run lint, syntax checks, check mode where useful, and staged rollouts before production-wide changes.

Hands-on example

1. Add Ansible safety checks for: How do you run an Ansible playbook in check (dry-run) mode?

2. CI commands:

ansible-playbook --syntax-check site.yml

ansible-lint .

yamllint .

ansible-playbook -i inventory/stage site.yml --check --diff

3. Avoid state: latest in production unless the rollout is explicitly an upgrade window. Prefer pinned versions or approved repositories:

- name: Install approved app version

ansible.builtin.package:

name: myapp-1.8.4

state: present

4. For mixed fleets, drive differences through group_vars, host_vars, and facts rather than copied playbooks.

5. Gate production runs behind review and record playbook version, inventory, operator, and output artifact.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More Infrastructure as Code (Terraform, Ansible) interview questions

← All Infrastructure as Code (Terraform, Ansible) questions